Merge pull request #109048 from aanaparthi/patch-3

Court72 · web-flow · commit 547beca24f64 · 2023-05-26T08:25:55.000-06:00
Update application-management-certs-faq.md
diff --git a/articles/active-directory/manage-apps/application-management-certs-faq.md b/articles/active-directory/manage-apps/application-management-certs-faq.md
@@ -30,6 +30,9 @@ You can find the steps [here](manage-certificates-for-federated-single-sign-on.m
 
 By default, Azure AD configures a certificate to expire after three years when it is created automatically during SAML single sign-on configuration. Because you can't change the date of a certificate after you save it, you need to create a new certificate. For steps on how to do so, please refer [Customize the expiration date for your federation certificate and roll it over to a new certificate](manage-certificates-for-federated-single-sign-on.md#customize-the-expiration-date-for-your-federation-certificate-and-roll-it-over-to-a-new-certificate).
 
+> [!NOTE]
+> The recommended way to create SAML applications is through the Azure AD Application Gallery, which will automatically create a three-year valid X509 certificate for you. 
+
 ## How can I automate the certificates expiration notifications?
 
 Azure AD will send an email notification 60, 30, and 7 days before the SAML certificate expires. You may add more than one email address to receive notifications.
